Skip to content

Common Errors when Deploying with IaC

When you deploy kdb Insights Enterprise using the provided Infrastructure as Code (IaC) bundle, the deployment can fail for various reasons. Below are some common errors and possible actions you can take to address them.

Common errors and solutions

No capacity to create EC2 Instances

No capacity to create EC2 Instances. Please increase quota code L-1216C47A (On-Demand Standard EC2 Instances). Available On Demand vCPUs: 5, Required On Demand vCPUs: 142

Request a resource quota increase in the AWS console.

Security group rules not found

Error: waiting for Security Group (<security-group>) Rule (...) create: couldn't find resource

Check if the security group IDs are correct and ensure they have been created properly.

Insufficient permissions to create cloudWatch logs group

AccessDeniedException: User with accountId: (...) is not authorized to perform CreateLogGroup with Tags.

Add the logs:TagResource permission to the IAM user.

Network ACL entry already exists

NetworkAclEntryAlreadyExists: The network acl entry identified by (...) already exists.

Update or remove the duplicate entries in the network ACL.

Invalid instance type for EKS

InvalidParameterException: [is4gen.xlarge] is not a valid instance type for requested amiType AL2_x86_64

Modify the instance type to a compatible type.

Unsupported availability zone for EKS

UnsupportedAvailabilityZoneException: Cannot create cluster because EKS does not support creating control plane instances in us-east-1e.

Check the supported availability zones:

data "aws_availability_zones" "available" {
  state = "available"
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
  filter {
    name   = "availability-zone"
    values = ["us-east-1a","us-east-1b","us-east-1c"]
  }
}

Exclude unsupported zones:

data "aws_availability_zones" "available" {
  state = "available"
  exclude_names = ["us-east-1d","us-east-1e","us-east-1f"]
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

Modify the main.tf file as necessary:

cd terraform/modules/k8s_cluster_aws/
vim main.tf

IAM policy or role already exists

EntityAlreadyExists: A policy/role called (...) already exists. Duplicate names are not allowed.

Rename the IAM policy or role, or reuse the existing one if appropriate.

remote-exec provisioner error

Error: remote-exec provisioner error: timeout - last error: dial tcp 52.33.134.220:22: i/o timeout

Check and update the Terraform scripts to ensure the whitelist IPs are correct.

Invalid instance type for EKS node group

InvalidParameterException: [is4gen.xlarge] is not a valid instance type for requested amiType AL2_x86_64

Modify the instance type to a compatible type in the main.tf file:

```hcl
resource "aws_eks_node_group" "this" {
  instance_type = "t3.medium"  # Change to a valid instance type
  ...
}
```
Back to top